<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
  "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title></title>
<link href="../style/ebook.css" type="text/css" rel="stylesheet">
</head>
<body>
<h1>Experimental Rest API</h1>
<p>Airflow exposes an experimental Rest API. It is available through the webserver. Endpoints are
available at /api/experimental/. Please note that we expect the endpoint definitions to change.</p>
<div class="section" id="endpoints">
<h2 class="sigil_not_in_toc">Endpoints</h2>
<p>This is a place holder until the swagger definitions are active</p>
<ul class="simple">
<li>/api/experimental/dags/&lt;DAG_ID&gt;/tasks/&lt;TASK_ID&gt; returns info for a task (GET).</li>
<li>/api/experimental/dags/&lt;DAG_ID&gt;/dag_runs creates a dag_run for a given dag id (POST).</li>
</ul>
</div>
<div class="section" id="cli">
<h2 class="sigil_not_in_toc">CLI</h2>
<p>For some functions the cli can use the API. To configure the CLI to use the API when available
configure as follows:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span><span class="o">[</span>cli<span class="o">]</span>
<span class="nv">api_client</span> <span class="o">=</span> airflow.api.client.json_client
<span class="nv">endpoint_url</span> <span class="o">=</span> http://&lt;WEBSERVER&gt;:&lt;PORT&gt;
</pre>
</div>
</div>
</div>
<div class="section" id="authentication">
<h2 class="sigil_not_in_toc">Authentication</h2>
<p>Authentication for the API is handled separately to the Web Authentication. The default is to not
require any authentication on the API &#x2013; i.e. wide open by default. This is not recommended if your
Airflow webserver is publicly accessible, and you should probably use the deny all backend:</p>
<div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[api]</span>
<span class="na">auth_backend</span> <span class="o">=</span> <span class="s">airflow.api.auth.backend.deny_all</span>
</pre>
</div>
</div>
<p>Two &#x201C;real&#x201D; methods for authentication are currently supported for the API.</p>
<p>To enabled Password authentication, set the following in the configuration:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span><span class="o">[</span>api<span class="o">]</span>
<span class="nv">auth_backend</span> <span class="o">=</span> airflow.contrib.auth.backends.password_auth
</pre>
</div>
</div>
<p>It&#x2019;s usage is similar to the Password Authentication used for the Web interface.</p>
<p>To enable Kerberos authentication, set the following in the configuration:</p>
<div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[api]</span>
<span class="na">auth_backend</span> <span class="o">=</span> <span class="s">airflow.api.auth.backend.kerberos_auth</span>

<span class="k">[kerberos]</span>
<span class="na">keytab</span> <span class="o">=</span> <span class="s">&lt;KEYTAB&gt;</span>
</pre>
</div>
</div>
<p>The Kerberos service is configured as <code class="docutils literal notranslate"><span class="pre">airflow/fully.qualified.domainname@REALM</span></code>. Make sure this
principal exists in the keytab file.</p>
</div>
</body>
</html>